Allows ncat to properly process HTTP passwords that are either empty or contain colons. Fixes #984

ncat/ncat_connect.c

@@ -399,12 +399,13 @@ static char *http_connect_request_auth(char* host_str, unsigned short port, int
 
         /* Split up the proxy auth argument. */
         proxy_auth = Strdup(o.proxy_auth);
-        username = strtok(proxy_auth, ":");
+        username = proxy_auth;
-        password = strtok(NULL, ":");
+        password = strchr(proxy_auth, ':');
         if (password == NULL) {
             free(proxy_auth);
             return NULL;
         }
+        *password++ = '\0';
         response_hdr = http_digest_proxy_authorization(challenge,
             username, password, "CONNECT", sock_to_url(o.target,o.portno));
         if (response_hdr == NULL) {

ncat/ncat_proxy.c

@@ -888,12 +888,13 @@ static int check_auth(const struct http_request *request,
 
         /* Split up the proxy auth argument. */
         proxy_auth = Strdup(o.proxy_auth);
-        username = strtok(proxy_auth, ":");
+        username = proxy_auth;
-        password = strtok(NULL, ":");
+        password = strchr(proxy_auth, ':');
         if (password == NULL) {
             free(proxy_auth);
             return 0;
         }
+        *password++ = '\0';
         ret = http_digest_check_credentials(username, "Ncat", password,
             request->method, credentials);
         free(proxy_auth);